Difficulty Shutting Malware Bytes V2 in XP

This is a repeat topic as I have been through a long threat removal process with psychotic, but the problem of shutting down mbam.exe remains. Using XP, shutting down takes up to one minute after exiting the program. Now what's happening, and that it does eventually close after a long hang, it's not such a worry, but it shouldn't happen, should it?


@autolycus:

Let's start with a fresh set of logs for the staff and experts to review: Diagnostic Logs

As you have probably run FRST on this computer before, please be sure there is a check mark for the "Addition.txt" option before you run the tool.

Then please post back here with all 3 logs.

 

@jimb11:

As you are on a different version of Windows, and as each computer is unique, it's unlikely that your problem and @autolycus's are truly the same, even though they sound similar.

In any event, it looks like AdvancedSetup awaits your reply to his last advice in your own topic here: https://forums.malwarebytes.org/index.php?/topic/154752-hangs-at-shutdown/#entry866723

It would reduce confusion for everyone if you would please stay with your own topic.

That way both you and @autolycus can receive individualized help.

 

Thanks very much,


  • Root Admin

Please remove the following entry from the Registry.

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\WINDOWS\explorer.exe

 

 

Then restart the computer.  Then run the following and post back the results

 

  • Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


OK done thanks. No detections

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/08/2014
Scan Time: 16:44:01
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.20.05
Rootkit Database: v2014.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: bully

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 276126
Time Elapsed: 5 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Yes, but computer hardware and age are certainly a factor. Please run the scan below again and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


  • Root Admin

Please fully disable your P2P software or uninstall it while we're helping you.

(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe

 

I would recommend that you delete these tasks and uninstall these updates. They're just annoying alerts from Microsoft telling you that XP is no longer supported.

 

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

 

You also have the following issues

 

 


System errors:
=============
Error: (08/20/2014 04:41:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/20/2014 04:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2
 

 

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder... mbar-log.txt and system-log.txt

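As an added example (not part of the original posts, and not code from FRST or Malwarebytes), this Python script parses a "System errors" block like the one quoted in the post above and decodes the `%%N` placeholders as Win32 error codes, so each failed service start can be triaged. The sample text is copied from the post; the function names and the wording of the code meanings are assumptions of this example.

```python
import re
from datetime import datetime

# Win32 error codes that appear as "%%<n>" in the event descriptions.
# Names are the standard winerror.h constants; only the two codes seen in
# the thread are listed, and the explanatory wording is this example's own.
WIN32_ERRORS = {
    2: ("ERROR_FILE_NOT_FOUND",
        "the service's executable was not found at its registered path"),
    1058: ("ERROR_SERVICE_DISABLED",
           "the service is disabled or has no enabled devices"),
}

# Sample input: the two records quoted in the post above.
SAMPLE = '''\
System errors:
=============
Error: (08/20/2014 04:41:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/20/2014 04:41:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2
'''

HEADER = re.compile(
    r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\) "
    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)$"
)
CODE = re.compile(r"%%(\d+)")
# Two phrasings used by the events in the sample to name the service.
SERVICE_PATTERNS = (
    re.compile(r"start the service (\S+)"),
    re.compile(r"The (.+?) service failed to start"),
)


def parse_errors(text):
    """Split a 'System errors' block into one dict per 'Error:' record."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            records.append({
                "when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "event_id": int(m["event_id"]),
                "user": m["user"].strip() or None,
                "description": "",
            })
        elif records and line:
            # Continuation lines belong to the most recent record.
            sep = " " if records[-1]["description"] else ""
            records[-1]["description"] += sep + line

    for rec in records:
        desc = rec["description"]
        if desc.startswith("Description: "):
            desc = desc[len("Description: "):]
        rec["description"] = desc
        code = CODE.search(desc)
        rec["win32"] = int(code.group(1)) if code else None
        rec["service"] = None
        for pattern in SERVICE_PATTERNS:
            hit = pattern.search(desc)
            if hit:
                rec["service"] = hit.group(1)
                break
    return records


def triage(rec):
    """Return a one-line summary: service, error constant, meaning."""
    name, meaning = WIN32_ERRORS.get(
        rec["win32"], ("UNKNOWN", "code not in this example's table")
    )
    return "{}: {} ({}) - {}".format(
        rec["service"] or "?", name, rec["win32"], meaning
    )


if __name__ == "__main__":
    for record in parse_errors(SAMPLE):
        print(record["when"].isoformat(), record["source"],
              record["event_id"], "|", triage(record))
```
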

Hi - I uninstalled utorrent again and deleted the two tasks. Not sure what to do about the system errors you mentioned. Ran the MB anti-rootkit and got the message that the PC was clean. Then closed the program and got the 'not responding' in the title bar for about a minute and then the app closed. Rather like MB anti-malware.

system-log.txt

mbar-log-2014-08-21 (13-52-22).txt


  • Root Admin

I've moved your topic into the malware removal forum as we're beyond the scope of the general forum now.

 

Please open the folder where you extracted MBAR and in that folder you'll find a folder called PLUGIN - then in there is a file named FIXDAMAGE.EXE please double-click and run that file and then restart the computer.

After you restart the computer please run the following.

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


 

 

Then run this tool again but make sure you place a check mark in the Additions.txt check box to get a new log for that as well.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


OK requested files below. In case it's relevant, as in the other thread, I don't run system restore as it's always failed when I really needed it in the past. For some years now I've run macrium reflect every couple of weeks and it's never let me down.

 

I'm also a bit confused because @psychotic advised me after a couple of days running these type of programs that I was malware-free. Have we gone back to looking for malware? Not complaining, just, as I say, a bit confused.

 

Farbar Service Scanner Version: 21-07-2014
Ran by bully (administrator) on 22-08-2014 at 11:13:04
Running from "C:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
C:\WINDOWS\system32\wscsvc.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by bully (administrator) on WWFC-B7DFF83E8A on 22-08-2014 11:19:36
Running from C:\
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [161584 2014-08-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-07-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1614895754-1606980848-725345543-1004\...\Policies\Explorer: [NoDriveAutoRun] 0xFFFFFF03
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} -  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiziwig.tv/competition.php?part=sports&discipline=football
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {8FFE86AA-91B3-4E7D-B4D5-84C05869B836} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKCU - {E383ABC7-830B-4541-B612-82DD66CE8850} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1381317984392
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984
FF Homepage: hxxp://homepage.ntlworld.com/erwin.flick/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.10.1 -> C:\Documents and Settings\bully\Application Data\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\searchplugins\avira-safesearch.xml
FF Extension: AS Magic Player - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\magicplayer@acestream.org [2014-08-17]
FF Extension: InFormEnter - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2014-07-25]
FF Extension: MAFIAAFire Redirector - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\MafiaaFire@mafiaafire.com.xpi [2014-08-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-07]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Documents and Settings\bully\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Documents and Settings\bully\Application Data\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-08-20]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx []
CHR HKCU\...\Chrome\Extension: [kpckgflgdapkpabemgkielbefdildaio] - C:\Documents and Settings\bully\Application Data\ACEStream\extensions\chrome_new\magicplayer.crx [2013-11-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [149296 2014-08-04] (Avira Operations GmbH & Co. KG)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-05-24] (Lexmark International, Inc.)
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIDTSFiltService; C:\WINDOWS\System32\drivers\adidts.sys [139776 2006-12-08] (Analog Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-07-21] (ATI Technologies, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-07-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-07-23] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2012-06-09] (B.H.A Corporation) [File not signed]
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [12416 2006-06-16] (         )
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [21504 2012-03-02] (http://libusb-win32.sourceforge.net) [File not signed]
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [52736 2011-04-05] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [18944 2011-04-05] (NVIDIA Corporation)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 PSVolAcc; C:\WINDOWS\system32\Drivers\PSVolAcc.sys [12248 2014-07-21] (Paramount Software UK Ltd)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2012-06-12] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-07-23] (Avira GmbH)
S3 uac4pdt; C:\WINDOWS\System32\DRIVERS\uac4pdt.sys [15232 2005-02-24] (Micronas GmbH)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 QCMerced; system32\DRIVERS\LVCM.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 11:19 - 2014-08-22 11:19 - 00011757 _____ () C:\FRST.txt
2014-08-22 11:18 - 2014-08-22 11:18 - 01094144 _____ (Farbar) C:\FRST.exe
2014-08-22 11:13 - 2014-08-22 11:13 - 00002806 _____ () C:\FSS.txt
2014-08-22 11:11 - 2014-08-22 11:11 - 00415232 _____ (Farbar) C:\FSS.exe
2014-08-22 10:51 - 2014-08-22 10:51 - 00000000 ____D () C:\mbar
2014-08-21 19:41 - 2014-08-21 19:42 - 04968079 _____ (Tim Kosse) C:\Documents and Settings\bully\Desktop\FileZilla_3.8.0_win32-setup.exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-21 17:10 - 2014-08-21 17:10 - 00000000 ____D () C:\SonyTV software
2014-08-21 16:50 - 2014-08-21 16:50 - 00000000 ____D () C:\MBanti-rootkit
2014-08-21 13:51 - 2014-08-21 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-08-20 18:36 - 2014-08-22 00:12 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\.ACEStream
2014-08-20 18:36 - 2014-08-20 18:36 - 00002012 _____ () C:\Documents and Settings\bully\Desktop\Ace Player.lnk
2014-08-20 18:35 - 2014-08-20 18:36 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\ACEStream
2014-08-19 19:31 - 2014-08-19 19:31 - 00873680 _____ (Opera Software) C:\Documents and Settings\bully\My Documents\Opera_NI_stable.exe
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Opera Software
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Opera Software
2014-08-19 16:51 - 2014-08-22 11:19 - 00000000 ____D () C:\FRST
2014-08-19 00:27 - 2014-08-19 00:27 - 02347384 _____ (ESET) C:\Documents and Settings\bully\Desktop\esetsmartinstaller_enu.exe
2014-08-19 00:21 - 2014-08-19 00:21 - 00001537 _____ () C:\Documents and Settings\bully\Desktop\mkvmerge.lnk
2014-08-18 22:12 - 2014-08-22 10:50 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\uTorrent
2014-08-18 21:59 - 2014-08-18 21:59 - 00004012 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\recently-used.xbel
2014-08-18 13:26 - 2014-08-18 13:26 - 00002415 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ___RD () C:\Program Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-08-18 11:38 - 2014-08-18 12:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-17 21:52 - 2014-08-17 21:52 - 00007561 _____ () C:\Documents and Settings\bully\My Documents\My Backup(1).xml
2014-08-17 12:44 - 2014-08-17 12:45 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\vlc
2014-08-16 10:59 - 2014-08-16 11:00 - 00000000 ____D () C:\Documents and Settings\bully\Start Menu\Programs\SopCast
2014-08-16 10:59 - 2014-08-16 10:59 - 00000666 _____ () C:\Documents and Settings\bully\Desktop\SopCast.lnk
2014-08-16 10:57 - 2014-08-16 10:59 - 00000000 ____D () C:\Program Files\SopCast
2014-08-15 18:31 - 2014-08-15 18:31 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 11:23 - 2014-08-15 11:23 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Avira
2014-08-15 11:22 - 2014-08-15 11:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Avira
2014-08-15 11:21 - 2014-07-23 13:29 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-08-15 11:21 - 2014-07-23 13:29 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-08-15 11:21 - 2014-07-23 13:29 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-08-15 11:21 - 2014-07-23 13:29 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-08-15 11:20 - 2014-08-15 11:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-15 11:20 - 2014-08-15 11:21 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:20 - 2014-08-15 11:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-15 11:20 - 2014-08-15 11:20 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-15 11:14 - 2014-08-21 13:51 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 11:10 - 2014-08-21 13:50 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-15 11:10 - 2014-08-15 11:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-15 11:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-14 10:48 - 2014-07-31 23:42 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 13:25 - 2014-08-13 13:36 - 00001085 _____ () C:\Documents and Settings\bully\My Documents\virgin outages.txt
2014-08-08 10:27 - 2014-08-08 10:27 - 00000068 _____ () C:\Documents and Settings\bully\My Documents\TESCO CODES.txt
2014-08-07 15:01 - 2014-08-07 15:02 - 00000644 _____ () C:\Documents and Settings\bully\Desktop\Recording Control.lnk
2014-08-05 13:45 - 2014-08-05 13:45 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-08-04 20:34 - 2014-08-04 20:34 - 00000047 _____ () C:\Documents and Settings\bully\My Documents\ebay sounds web address.txt
2014-08-04 19:18 - 2014-08-04 19:18 - 00000160 _____ () C:\Documents and Settings\bully\My Documents\atervista settings.txt
2014-08-04 19:01 - 2014-08-04 19:01 - 00000259 _____ () C:\Documents and Settings\bully\My Documents\feeola settings.txt
2014-08-03 19:38 - 2014-08-03 19:44 - 00000218 _____ () C:\Documents and Settings\bully\My Documents\ip settings.txt
2014-08-03 15:47 - 2014-08-03 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-08-02 23:52 - 2014-08-22 10:59 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-02 23:52 - 2014-08-21 11:42 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1606980848-725345543-1004-0.dat
2014-07-30 17:32 - 2014-07-30 17:32 - 00000732 _____ () C:\Documents and Settings\bully\Desktop\SubtitleEdit.lnk
2014-07-30 12:05 - 2014-08-15 15:54 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-29 15:56 - 2014-07-29 15:56 - 00000422 _____ () C:\Documents and Settings\bully\My Documents\lloyscomplaint.txt
2014-07-29 14:27 - 2014-07-29 14:27 - 00000012 _____ () C:\Documents and Settings\bully\My Documents\virgin freephone.txt
2014-07-27 23:31 - 2014-07-29 22:41 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\MPC-HC
2014-07-27 23:31 - 2014-07-27 23:31 - 00000522 _____ () C:\Documents and Settings\bully\Desktop\mpc-hc.lnk
2014-07-27 23:30 - 2014-07-27 23:31 - 00000000 ____D () C:\MPC-HC.1.7.6.x86
2014-07-26 20:05 - 2014-07-26 20:05 - 04907008 _____ () C:\Documents and Settings\bully\My Documents\VTS_01_0.sub
2014-07-26 20:05 - 2014-07-26 20:05 - 00038018 _____ () C:\Documents and Settings\bully\My Documents\VTS_01_0.idx
2014-07-25 17:57 - 2014-08-14 23:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-25 17:43 - 1998-10-09 14:17 - 00384784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-07-25 17:43 - 1998-09-30 12:26 - 00049936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SeCEdit.exe
2014-07-25 17:43 - 1998-09-30 12:24 - 00242448 _____ (Microsoft Corporation) C:\WINDOWS\system32\scedll.dll
2014-07-25 17:43 - 1998-03-31 16:37 - 00029968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Rshx32_5.dll
2014-07-23 19:05 - 2014-08-18 21:59 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\deluge

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-22 11:19 - 2014-08-22 11:19 - 00011757 _____ () C:\FRST.txt
2014-08-22 11:19 - 2014-08-19 16:51 - 00000000 ____D () C:\FRST
2014-08-22 11:19 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Temp
2014-08-22 11:18 - 2014-08-22 11:18 - 01094144 _____ (Farbar) C:\FRST.exe
2014-08-22 11:13 - 2014-08-22 11:13 - 00002806 _____ () C:\FSS.txt
2014-08-22 11:11 - 2014-08-22 11:11 - 00415232 _____ (Farbar) C:\FSS.exe
2014-08-22 11:01 - 2012-05-07 19:37 - 01089198 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-22 11:00 - 2014-07-21 13:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-22 11:00 - 2014-07-21 13:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-22 11:00 - 2013-08-09 10:43 - 00000444 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-08-22 11:00 - 2012-05-07 19:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-22 11:00 - 2012-05-07 13:44 - 00262144 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-08-22 10:59 - 2014-08-02 23:52 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-22 10:59 - 2012-05-07 19:40 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-22 10:59 - 2012-05-07 19:40 - 00000178 ___SH () C:\Documents and Settings\bully\ntuser.ini
2014-08-22 10:59 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\bully
2014-08-22 10:53 - 2012-05-14 14:48 - 00002285 _____ () C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-08-22 10:53 - 2012-05-07 19:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-22 10:53 - 2012-05-07 12:23 - 00000000 ____D () C:\WINDOWS\repair
2014-08-22 10:51 - 2014-08-22 10:51 - 00000000 ____D () C:\mbar
2014-08-22 10:50 - 2014-08-18 22:12 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\uTorrent
2014-08-22 00:12 - 2014-08-20 18:36 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\.ACEStream
2014-08-21 23:41 - 2012-05-07 14:40 - 00000000 ____D () C:\WordExcel Docs
2014-08-21 23:16 - 2012-05-07 15:52 - 00002483 _____ () C:\Documents and Settings\bully\Desktop\Microsoft Word.lnk
2014-08-21 23:11 - 2014-06-21 17:53 - 00000000 ____D () C:\Bit Torrent
2014-08-21 20:36 - 2012-05-08 18:49 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\FileZilla
2014-08-21 19:42 - 2014-08-21 19:41 - 04968079 _____ (Tim Kosse) C:\Documents and Settings\bully\Desktop\FileZilla_3.8.0_win32-setup.exe
2014-08-21 19:42 - 2012-05-08 18:49 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-21 19:42 - 2012-05-08 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2014-08-21 18:40 - 2014-07-21 12:42 - 00000000 ___HD () C:\_acestream_cache_
2014-08-21 17:53 - 2014-08-21 17:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-21 17:10 - 2014-08-21 17:10 - 00000000 ____D () C:\SonyTV software
2014-08-21 16:50 - 2014-08-21 16:50 - 00000000 ____D () C:\MBanti-rootkit
2014-08-21 16:46 - 2012-05-08 15:34 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Audacity
2014-08-21 14:15 - 2012-05-07 15:52 - 00002481 _____ () C:\Documents and Settings\bully\Desktop\Microsoft Excel.lnk
2014-08-21 13:59 - 2014-08-21 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-08-21 13:51 - 2014-08-15 11:14 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-21 13:50 - 2014-08-15 11:10 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-21 13:43 - 2014-06-21 17:52 - 00000000 ____D () C:\Temp
2014-08-21 11:42 - 2014-08-02 23:52 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1606980848-725345543-1004-0.dat
2014-08-21 11:37 - 2014-02-25 13:09 - 00000000 ____D () C:\Program Files\PeerBlock
2014-08-20 18:36 - 2014-08-20 18:36 - 00002012 _____ () C:\Documents and Settings\bully\Desktop\Ace Player.lnk
2014-08-20 18:36 - 2014-08-20 18:35 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\ACEStream
2014-08-20 11:42 - 2006-02-28 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-19 19:52 - 2014-06-21 18:01 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-08-19 19:52 - 2012-05-07 17:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-19 19:43 - 2013-03-24 15:40 - 00000000 ____D () C:\Program Files\Opera
2014-08-19 19:31 - 2014-08-19 19:31 - 00873680 _____ (Opera Software) C:\Documents and Settings\bully\My Documents\Opera_NI_stable.exe
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Opera Software
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Opera Software
2014-08-19 00:27 - 2014-08-19 00:27 - 02347384 _____ (ESET) C:\Documents and Settings\bully\Desktop\esetsmartinstaller_enu.exe
2014-08-19 00:21 - 2014-08-19 00:21 - 00001537 _____ () C:\Documents and Settings\bully\Desktop\mkvmerge.lnk
2014-08-19 00:21 - 2012-11-29 17:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MKVToolNix
2014-08-18 21:59 - 2014-08-18 21:59 - 00004012 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\recently-used.xbel
2014-08-18 21:59 - 2014-07-23 19:05 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\deluge
2014-08-18 21:54 - 2013-01-21 19:48 - 00000874 _____ () C:\Documents and Settings\bully\Desktop\SyncBackFree.lnk
2014-08-18 13:33 - 2012-05-07 16:22 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00002415 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ___RD () C:\Program Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-08-18 13:26 - 2014-03-07 14:06 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Skype
2014-08-18 13:26 - 2012-05-07 16:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-18 13:20 - 2014-04-14 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SkypeMate
2014-08-18 12:27 - 2012-05-07 19:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-18 12:26 - 2014-08-18 11:38 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-18 12:26 - 2012-05-31 11:29 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-17 21:52 - 2014-08-17 21:52 - 00007561 _____ () C:\Documents and Settings\bully\My Documents\My Backup(1).xml
2014-08-17 18:39 - 2012-05-07 21:16 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-17 12:45 - 2014-08-17 12:44 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\vlc
2014-08-16 21:03 - 2012-05-07 17:50 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-08-16 13:50 - 2006-02-28 13:00 - 00000371 _____ () C:\WINDOWS\win.ini
2014-08-16 11:00 - 2014-08-16 10:59 - 00000000 ____D () C:\Documents and Settings\bully\Start Menu\Programs\SopCast
2014-08-16 10:59 - 2014-08-16 10:59 - 00000666 _____ () C:\Documents and Settings\bully\Desktop\SopCast.lnk
2014-08-16 10:59 - 2014-08-16 10:57 - 00000000 ____D () C:\Program Files\SopCast
2014-08-15 18:31 - 2014-08-15 18:31 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 18:31 - 2014-07-21 13:33 - 00033982 _____ () C:\WINDOWS\setupapi.log
2014-08-15 15:54 - 2014-07-30 12:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-15 11:23 - 2014-08-15 11:23 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Avira
2014-08-15 11:22 - 2014-08-15 11:22 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Avira
2014-08-15 11:22 - 2014-08-15 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-15 11:21 - 2014-08-15 11:20 - 00000000 ____D () C:\Program Files\Avira
2014-08-15 11:21 - 2014-08-15 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-15 11:20 - 2014-08-15 11:20 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-15 11:10 - 2014-08-15 11:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-15 10:38 - 2012-05-07 12:26 - 00000239 ___SH () C:\boot.ini
2014-08-15 10:38 - 2006-02-28 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-14 23:14 - 2014-07-25 17:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-14 15:58 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-08-14 10:51 - 2013-10-10 21:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 10:45 - 2012-05-07 19:38 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-08-13 13:36 - 2014-08-13 13:25 - 00001085 _____ () C:\Documents and Settings\bully\My Documents\virgin outages.txt
2014-08-11 23:52 - 2012-09-15 13:43 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Yamb
2014-08-10 20:08 - 2012-05-08 19:44 - 00000409 _____ () C:\WINDOWS\LEXSTAT.INI
2014-08-10 12:29 - 2014-04-13 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-08-09 11:37 - 2012-06-18 13:31 - 00000000 ____D () C:\Web Pages
2014-08-08 10:27 - 2014-08-08 10:27 - 00000068 _____ () C:\Documents and Settings\bully\My Documents\TESCO CODES.txt
2014-08-07 15:02 - 2014-08-07 15:01 - 00000644 _____ () C:\Documents and Settings\bully\Desktop\Recording Control.lnk
2014-08-06 11:46 - 2014-06-21 17:59 - 00000000 ____D () C:\Documents and Settings\bully\My Documents\BILLS
2014-08-05 13:45 - 2014-08-05 13:45 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-08-05 13:45 - 2012-05-12 23:54 - 00031232 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-04 20:34 - 2014-08-04 20:34 - 00000047 _____ () C:\Documents and Settings\bully\My Documents\ebay sounds web address.txt
2014-08-04 19:18 - 2014-08-04 19:18 - 00000160 _____ () C:\Documents and Settings\bully\My Documents\atervista settings.txt
2014-08-04 19:01 - 2014-08-04 19:01 - 00000259 _____ () C:\Documents and Settings\bully\My Documents\feeola settings.txt
2014-08-03 19:44 - 2014-08-03 19:38 - 00000218 _____ () C:\Documents and Settings\bully\My Documents\ip settings.txt
2014-08-03 15:47 - 2014-08-03 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-08-03 13:58 - 2012-05-13 01:12 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\avidemux
2014-07-31 23:42 - 2014-08-14 10:48 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-30 17:32 - 2014-07-30 17:32 - 00000732 _____ () C:\Documents and Settings\bully\Desktop\SubtitleEdit.lnk
2014-07-29 22:41 - 2014-07-27 23:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\MPC-HC
2014-07-29 15:56 - 2014-07-29 15:56 - 00000422 _____ () C:\Documents and Settings\bully\My Documents\lloyscomplaint.txt
2014-07-29 14:27 - 2014-07-29 14:27 - 00000012 _____ () C:\Documents and Settings\bully\My Documents\virgin freephone.txt
2014-07-28 13:17 - 2014-06-21 17:59 - 00000000 ____D () C:\Documents and Settings\bully\My Documents\Receipts
2014-07-27 23:31 - 2014-07-27 23:31 - 00000522 _____ () C:\Documents and Settings\bully\Desktop\mpc-hc.lnk
2014-07-27 23:31 - 2014-07-27 23:30 - 00000000 ____D () C:\MPC-HC.1.7.6.x86
2014-07-27 20:12 - 2013-01-03 00:51 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\VideoReDo-TVSuite4
2014-07-27 19:02 - 2012-06-21 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DVD Shrink
2014-07-26 20:05 - 2014-07-26 20:05 - 04907008 _____ () C:\Documents and Settings\bully\My Documents\VTS_01_0.sub
2014-07-26 20:05 - 2014-07-26 20:05 - 00038018 _____ () C:\Documents and Settings\bully\My Documents\VTS_01_0.idx
2014-07-26 17:11 - 2012-06-09 16:43 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\dvdcss
2014-07-26 11:30 - 2012-05-07 14:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-25 18:28 - 2013-10-31 14:04 - 00044788 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-07-25 17:43 - 2012-05-07 12:23 - 00000000 ____D () C:\WINDOWS\Help
2014-07-25 15:08 - 2012-05-07 12:27 - 00281336 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-25 15:08 - 2012-05-07 12:00 - 00050064 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-07-24 12:21 - 2012-05-07 19:57 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-07-23 13:29 - 2014-08-15 11:21 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-07-23 13:29 - 2014-08-15 11:21 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-23 13:29 - 2014-08-15 11:21 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-07-23 13:29 - 2014-08-15 11:21 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-07-23 00:00 - 2012-05-07 15:52 - 00002489 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

Some content of TEMP:
====================
C:\Documents and Settings\bully\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\bully\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by bully at 2014-08-22 11:20:05
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC-3 ACM Codec 2.1 (HKLM\...\AC3ACM) (Version: 2.1 - fccHandler)
Ace Stream Media 2.1.10.1 (HKCU\...\AceStream) (Version: 2.1.10.1 - Ace Stream Media)
Acronis Disk Director Home (HKLM\...\{9CCC78EF-027E-40E0-9B61-39932C65E3FE}) (Version: 11.0.216 - Acronis)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{B000FB7B-A489-25FC-EA84-1AA54AAD55BB}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BearPaw 2400CU Plus web V1.2 (HKLM\...\InstallShield_{27F8D5CE-421C-4324-8402-4D551A364F5F}) (Version: 1.2 - Mustek)
BearPaw 2400CU Plus web V1.2 (Version: 1.2 - Mustek) Hidden
calibre (HKLM\...\{D0AA226A-712B-4119-9B28-ABEDD936720F}) (Version: 1.26.0 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0825.2146.37182 - ATI) Hidden
CCC Help English (Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (Version: 2010.0825.2146.37182 - ATI) Hidden
ccc-utility (Version: 2010.0825.2146.37182 - ATI) Hidden
CCExtractor (HKLM\...\{3843A421-F062-4CE7-BAF9-44176B61CF4D}) (Version: 0.64.0 - CCExtractor)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 2.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
exPressit SE (HKLM\...\{BB42C935-456E-4A6C-B357-FDEE7A59FE21}) (Version: 3.10.0000 - Medea International Ltd)
ffdshow v1.2.4422 [2012-04-09] (HKLM\...\ffdshow_is1) (Version: 1.2.4422.0 - )
FFmpeg v0.6.2 for Audacity (HKLM\...\FFmpeg for Audacity_is1) (Version:  - )
FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Haali Media Splitter (HKLM\...\HaaliMkx) (Version:  - )
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Drive Key Boot Utility (HKLM\...\HP Drive Key Boot Utility) (Version:  - )
HP USB Disk Storage Format Tool (HKLM\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
Image Analyzer (HKLM\...\Image Analyzer) (Version:  - )
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Lame ACM MP3 Codec (HKLM\...\LameACM) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - )
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Lotus SmartSuite - English (HKLM\...\{536D6172-7453-7569-7465-392E36300409}) (Version:  - Lotus Development Corporation)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden
Macromedia Dreamweaver 4 (HKLM\...\{ABDA9912-5D00-11D4-BAE7-9367CA097955}) (Version: 4.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.2 - Macromedia)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Tool Web Package:diskpart.exe (HKLM\...\{9782762F-639B-499B-A23D-5EBEAFC160E6}) (Version: 1.0.0.1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MKVToolNix 5.8.0 (HKLM\...\MKVToolNix) (Version: 5.8.0 - Moritz Bunkus)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MP3 Diags (HKLM\...\MP3Diags) (Version:  - )
Mp3tag v2.57 (HKLM\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nero 11 DiscSpeed (HKLM\...\{B8B03F99-F600-4D96-ADBD-2F384240FB9C}) (Version: 11.0.00400 - Nero AG)
Nero Core Components 11 (Version: 11.0.15401.1.15 - Nero AG) Hidden
Nero DiscSpeed 11 (Version: 7.0.10400.2.100 - Nero AG) Hidden
Nero DiscSpeed 11 Help (CHM) (Version: 11.0.10000 - Nero AG) Hidden
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
nero.prerequisites.msi (Version: 11.0.20008 - Nero AG) Hidden
NET Traffic Meter (HKLM\...\NET Traffic Meter) (Version: 2.0 - KC's ToolBox)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Paint Shop Pro 4.12 (HKLM\...\Paint Shop Pro 4.12) (Version:  - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SanDisk SSD Toolkit 1.0.0.1 (HKLM\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Sigil 0.6.2 (HKLM\...\Sigil_is1) (Version:  - John Schember)
SkypeMate (HKLM\...\SkypeMate) (Version:  - SkypeMate)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SopCast 3.9.2 (HKLM\...\SopCast) (Version: 3.9.2 - www.sopcast.com)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.6110 - Analog Devices)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Subtitle Workshop 2.51 (HKLM\...\SubtitleWorkshop) (Version:  - )
SubtitleCreator (HKLM\...\SubtitleCreator) (Version: V2.3rc1 - Erik Vullings)
SyncBackFree (HKLM\...\SyncBackFree_is1) (Version: 6.5.38.0 - 2BrightSparks)
TMPGEnc DVD Author 1.6 (HKLM\...\{9CD89DD7-234A-4801-9D87-3DE352E146A0}) (Version: 1.6.34 - Pegasys Inc.)
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoReDo TVSuite Version 4.20.6.612 (HKLM\...\VideoReDo4_is1) (Version:  - DRD Systems, Inc.)
VobSub v2.23 (Remove Only) (HKLM\...\VobSub) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 SDK (HKLM\...\{009435FA-9011-4C36-AE7C-CCC9669E7875}) (Version: 11.0.0.5145 - Microsoft Corporation)
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
Xvid MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - Xvid Development Team)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 13:00 - 2014-07-21 12:46 - 00000842 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2014-03-28 10:35 - 2014-03-28 10:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-07-21 12:50 - 2014-07-21 12:50 - 00082384 _____ () C:\Program Files\Macrium\Reflect\AESDll.dll
2012-05-07 14:28 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-14 16:00 - 2014-08-04 14:20 - 00052472 _____ () C:\Documents and Settings\bully\Local Settings\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2010-03-16 12:22 - 2010-03-16 12:22 - 00014848 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
2010-08-04 15:58 - 2010-08-04 15:58 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 21:44 - 2010-08-25 21:44 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-08-04 14:20 - 2014-08-04 14:20 - 00067832 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2010-05-25 19:53 - 2010-05-25 19:53 - 02139400 _____ () C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
2014-07-25 17:57 - 2014-07-25 17:57 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-21 17:53 - 2014-08-21 17:53 - 17048240 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WdfLoadGroup => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk => C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^bully^Start Menu^Programs^Startup^Lotus SmartSuite 9.6 - English Registration.lnk => C:\WINDOWS\pss\Lotus SmartSuite 9.6 - English Registration.lnkStartup
MSCONFIG\startupreg: AceStream => C:\Documents and Settings\bully\Application Data\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Advanced SystemCare 7 => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
MSCONFIG\startupreg: Boxoft Tools => "C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun
MSCONFIG\startupreg: Ext2 Volume Manager => "C:\Program Files\Ext2Fsd\Ext2Mgr.exe" -quiet
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\bully\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LVCOMSX => C:\WINDOWS\system32\LVCOMSX.EXE
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Slick Savings => "C:\Documents and Settings\bully\Application Data\Slick Savings\CouponsHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: TorrentStream => C:\Documents and Settings\bully\Application Data\TorrentStream\engine\tsengine.exe

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 1394 Net Adapter
Description: 1394 Net Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: NIC1394
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 10:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ipmgui.exe, version 14.0.6.522, faulting module ipmgui.exe, version 14.0.6.522, fault address 0x0000795b.
Processing media-specific event for [ipmgui.exe!ws!]

Error: (08/21/2014 08:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ipmgui.exe, version 14.0.6.522, faulting module ipmgui.exe, version 14.0.6.522, fault address 0x0000795b.
Processing media-specific event for [ipmgui.exe!ws!]

Error: (08/21/2014 06:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ipmgui.exe, version 14.0.6.522, faulting module ipmgui.exe, version 14.0.6.522, fault address 0x0000795b.
Processing media-specific event for [ipmgui.exe!ws!]

Error: (08/21/2014 04:42:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ipmgui.exe, version 14.0.6.522, faulting module ipmgui.exe, version 14.0.6.522, fault address 0x0000795b.
Processing media-specific event for [ipmgui.exe!ws!]

Error: (08/19/2014 03:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module mbamcore.dll, version 1.0.11.0, fault address 0x0003c560.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/15/2014 01:15:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module mbamcore.dll, version 1.0.11.0, fault address 0x0003c560.
Processing media-specific event for [mbam.exe!ws!]

Error: (07/28/2014 01:05:59 PM) (Source: Microsoft Office 10) (EventID: 1001) (User: )
Description: Fault bucket 2059394427.

Error: (07/28/2014 01:05:27 PM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
Description: Faulting application winword.exe, version 10.0.6866.0, faulting module winword.exe, version 10.0.6866.0, fault address 0x00005c97.

Error: (07/28/2014 01:03:49 PM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
Description: Faulting application winword.exe, version 10.0.6866.0, faulting module winword.exe, version 10.0.6866.0, fault address 0x00005c97.

Error: (07/27/2014 09:23:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module mbamcore.dll, version 1.0.11.0, fault address 0x0003c560.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (08/22/2014 11:00:33 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/22/2014 11:00:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2

Error: (08/21/2014 11:03:17 PM) (Source: DCOM) (EventID: 10005) (User: WWFC-B7DFF83E8A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 05:04:23 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.0.2 on the
Network Card with network address 001BFC9C7BD8.

Error: (08/21/2014 03:56:08 PM) (Source: DCOM) (EventID: 10005) (User: WWFC-B7DFF83E8A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 03:53:10 PM) (Source: DCOM) (EventID: 10005) (User: WWFC-B7DFF83E8A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 03:43:03 PM) (Source: DCOM) (EventID: 10005) (User: WWFC-B7DFF83E8A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 03:42:00 PM) (Source: DCOM) (EventID: 10005) (User: WWFC-B7DFF83E8A)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 01:19:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service upnphost with arguments ""
in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (08/21/2014 01:19:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/21/2014 10:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmgui.exe14.0.6.522ipmgui.exe14.0.6.5220000795b

Error: (08/21/2014 08:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmgui.exe14.0.6.522ipmgui.exe14.0.6.5220000795b

Error: (08/21/2014 06:42:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmgui.exe14.0.6.522ipmgui.exe14.0.6.5220000795b

Error: (08/21/2014 04:42:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ipmgui.exe14.0.6.522ipmgui.exe14.0.6.5220000795b

Error: (08/19/2014 03:16:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532mbamcore.dll1.0.11.00003c560

Error: (08/15/2014 01:15:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532mbamcore.dll1.0.11.00003c560

Error: (07/28/2014 01:05:59 PM) (Source: Microsoft Office 10) (EventID: 1001) (User: )
Description: 2059394427

Error: (07/28/2014 01:05:27 PM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
Description: winword.exe10.0.6866.0winword.exe10.0.6866.000005c97

Error: (07/28/2014 01:03:49 PM) (Source: Microsoft Office 10) (EventID: 1000) (User: )
Description: winword.exe10.0.6866.0winword.exe10.0.6866.000005c97

Error: (07/27/2014 09:23:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532mbamcore.dll1.0.11.00003c560


==================== Memory info ===========================

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 24%
Total physical RAM: 3326.48 MB
Available physical RAM: 2506.8 MB
Total Pagefile: 5210.6 MB
Available Pagefile: 4346.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.24 GB) (Free:102.82 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:297.34 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:19.53 GB) (Free:3.2 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:213.35 GB) (Free:76.85 GB) NTFS
Drive i: (WD HDD) (Fixed) (Total:232.88 GB) (Free:108.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: DC8F9784)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 119.2 GB) (Disk ID: 0104DCD2)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: C532C532)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 232.9 GB) (Disk ID: 09840983)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=213.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

No, I'm looking at damage that was probably due to an infection, and the damage was never really cleaned up. Might be difficult to nearly impossible to fix, but we'll try.

Let's start to try and fix it by having you do the following and then restart the computer.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

I tried to do this, but FRST crashed. I managed to get a copy of 4f4f_appcompat.txt before it disappeared. Copy below.

I was also left with two files in my documents and settings\temp file:

etilqs_uzQHnxwn8c1aljG

etilqs_pc9yf9VZ9phBgr9

and an empty folder:

plugtmp-1

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="FRST.exe" FILTER="GRABMI_FILTER_PRIVACY">
    <MATCHING_FILE NAME="esetsmartinstaller_enu.exe" SIZE="2347384" CHECKSUM="0x83329F91" BIN_FILE_VERSION="1.0.0.6421" BIN_PRODUCT_VERSION="1.0.0.6421" PRODUCT_VERSION="1.0.0.6421" FILE_DESCRIPTION="ESET Smart Installer" COMPANY_NAME="ESET" PRODUCT_NAME="ESET Smart Installer" FILE_VERSION="1.0.0.6421" ORIGINAL_FILENAME="ESETSmartInstaller.exe" INTERNAL_NAME="ESETSmartInstaller.exe" LEGAL_COPYRIGHT="Copyright © ESET 1992-2011. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x23F375" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.0.0.6421" UPTO_BIN_PRODUCT_VERSION="1.0.0.6421" LINK_DATE="04/04/2013 10:30:47" UPTO_LINK_DATE="04/04/2013 10:30:47" VER_LANGUAGE="English (United States) [0x409]" />
    <MATCHING_FILE NAME="FileZilla_3.8.0_win32-setup.exe" SIZE="4968079" CHECKSUM="0xB5BC5086" BIN_FILE_VERSION="3.8.0.0" BIN_PRODUCT_VERSION="3.8.0.0" PRODUCT_VERSION="3.8.0" FILE_DESCRIPTION="FileZilla FTP Client" COMPANY_NAME="Tim Kosse" PRODUCT_NAME="FileZilla" FILE_VERSION="3.8.0" ORIGINAL_FILENAME="FileZilla_3.8.0_win32-setup.exe" LEGAL_COPYRIGHT="Tim Kosse" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x60001" UPTO_BIN_FILE_VERSION="3.8.0.0" UPTO_BIN_PRODUCT_VERSION="3.8.0.0" LINK_DATE="09/09/2009 13:23:23" UPTO_LINK_DATE="09/09/2009 13:23:23" VER_LANGUAGE="Language Neutral [0x0]" />
    <MATCHING_FILE NAME="FRST.exe" SIZE="1094144" CHECKSUM="0x9B77B11C" BIN_FILE_VERSION="21.8.2014.0" BIN_PRODUCT_VERSION="3.3.12.0" PRODUCT_VERSION="3.3.12.0" FILE_DESCRIPTION="Farbar Recovery Scan Tool" COMPANY_NAME="Farbar" FILE_VERSION="21.8.2014.0" LEGAL_COPYRIGHT="©1999-2014 Jonathan Bennett & AutoIt Team" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="21.8.2014.0" UPTO_BIN_PRODUCT_VERSION="3.3.12.0" LINK_DATE="08/21/2014 17:32:08" UPTO_LINK_DATE="08/21/2014 17:32:08" VER_LANGUAGE="English (United Kingdom) [0x809]" />
    <MATCHING_FILE NAME="hjsplit.exe" SIZE="201728" CHECKSUM="0x2F3BAC9C" BIN_FILE_VERSION="3.0.0.0" BIN_PRODUCT_VERSION="3.0.0.0" PRODUCT_VERSION="3.0" FILE_DESCRIPTION="HJSplit" COMPANY_NAME="Freebyte.com" PRODUCT_NAME="HJSplit" FILE_VERSION="3.0.0.0" ORIGINAL_FILENAME="HJSplit.exe" INTERNAL_NAME="HJSplit" LEGAL_COPYRIGHT="1995 - 2010, Freebyte.com" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="3.0.0.0" UPTO_BIN_PRODUCT_VERSION="3.0.0.0" LINK_DATE="06/19/1992 22:22:17" UPTO_LINK_DATE="06/19/1992 22:22:17" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
    <MATCHING_FILE NAME="kernel32.dll" SIZE="993280" CHECKSUM="0x599F4100" BIN_FILE_VERSION="5.1.2600.6532" BIN_PRODUCT_VERSION="5.1.2600.6532" PRODUCT_VERSION="5.1.2600.6532" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.6532 (xpsp_sp3_qfe.140312-0419)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xF63D5" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.6532" UPTO_BIN_PRODUCT_VERSION="5.1.2600.6532" LINK_DATE="03/12/2014 10:48:50" UPTO_LINK_DATE="03/12/2014 10:48:50" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Link to post
Share on other sites

I read the tutorial and started the app. First of all it said I wasn't connected to the internet, but then it did download and install recovery console. Then it started to scan, but it said typically 10 minutes. I waited 70 mins and then had to reset the PC as nothing else would work. Should I have waited longer?

Link to post
Share on other sites

Well, I found my way there but Avira crashed when I tried to open it in safe mode (to disable it). Despite it saying it had to close, it was still open according to ComboFix. So I uninstalled Avira completely and ran ComboFix, but like before it just seemed to stall. I gave up after about 70 minutes again. Oh, and I tried it overnight in normal mode at the weekend, but it was still going nowhere 10 hours later.

Link to post
Share on other sites

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Link to post
Share on other sites

STEP 04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by bully on 26/08/2014 at 12:25:17.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\bully\Application Data\mozilla\firefox\profiles\e8sr68fs.default-1406300849984\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147d92f55232d-03f79fbc9499ce-7c6f1635-0-147d92f55241bf\"");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"d605b72dc9031ef900934cdd376d894b54b38f13\"");
user_pref("extensions.safesearch.install", "1408358740498");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/08/2014 at 12:27:56.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

STEP 05

# AdwCleaner v3.308 - Report created 26/08/2014 at 12:36:53
# Updated 20/08/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : bully - WWFC-B7DFF83E8A
# Running from : C:\Documents and Settings\bully\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\bully\Favorites\Search

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\prefs.js ]


[ File : C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\tkwibr2f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1046 octets] - [26/08/2014 12:31:08]
AdwCleaner[s0].txt - [971 octets] - [26/08/2014 12:36:53]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1030 octets] ##########

STEP 06

Malwarebytes reported no threats and took a minute to close.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/08/2014
Scan Time: 12:44:21
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.26.01
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: bully

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314378
Time Elapsed: 6 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

STEP 07

No threats found

STEP 08

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by bully (administrator) on WWFC-B7DFF83E8A on 26-08-2014 13:37:58
Running from C:\Documents and Settings\bully\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
() C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [868352 2006-12-18] (Analog Devices, Inc.)
HKLM\...\Run: [soundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wiziwig.tv/competition.php?part=sports&discipline=football
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1381317984392
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984
FF Homepage: hxxp://homepage.ntlworld.com/erwin.flick/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.10-next -> C:\Documents and Settings\bully\Application Data\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\searchplugins\avira-safesearch.xml
FF Extension: AS Magic Player - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\magicplayer@acestream.org [2014-08-22]
FF Extension: InFormEnter - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920} [2014-07-25]
FF Extension: MAFIAAFire Redirector - C:\Documents and Settings\bully\Application Data\Mozilla\Firefox\Profiles\e8sr68fs.default-1406300849984\Extensions\MafiaaFire@mafiaafire.com.xpi [2014-08-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-25]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-07-25]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-05-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [158000 2014-08-14] (Avira Operations GmbH & Co. KG)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-05-24] (Lexmark International, Inc.)
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [2462160 2014-07-21] (Paramount Software UK Ltd)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIDTSFiltService; C:\WINDOWS\System32\drivers\adidts.sys [139776 2006-12-08] (Analog Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101904 2010-07-21] (ATI Technologies, Inc.)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [97648 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37352 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2012-06-09] (B.H.A Corporation) [File not signed]
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [12416 2006-06-16] (         )
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [21504 2012-03-02] (http://libusb-win32.sourceforge.net) [File not signed]
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [52736 2011-04-05] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [18944 2011-04-05] (NVIDIA Corporation)
R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 PSVolAcc; C:\WINDOWS\system32\Drivers\PSVolAcc.sys [12248 2014-07-21] (Paramount Software UK Ltd)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2012-06-12] (Sonic Solutions) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2014-08-15] (Avira GmbH)
S3 uac4pdt; C:\WINDOWS\System32\DRIVERS\uac4pdt.sys [15232 2005-02-24] (Micronas GmbH)
S4 IntelIde; No ImagePath
S3 LVUSBSta; system32\drivers\lvusbsta.sys [X]
S3 QCMerced; system32\DRIVERS\LVCM.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 13:37 - 2014-08-26 13:38 - 00010734 _____ () C:\Documents and Settings\bully\Desktop\FRST.txt
2014-08-26 13:37 - 2014-08-26 13:37 - 01095168 _____ (Farbar) C:\Documents and Settings\bully\Desktop\FRST.exe
2014-08-26 13:03 - 2014-08-26 13:03 - 02347384 _____ (ESET) C:\Documents and Settings\bully\Desktop\esetsmartinstaller_enu.exe
2014-08-26 12:40 - 2014-08-26 12:40 - 00001110 _____ () C:\Documents and Settings\bully\Desktop\AdwCleaner[s0].txt
2014-08-26 12:30 - 2014-08-26 12:36 - 00000000 ____D () C:\AdwCleaner
2014-08-26 12:30 - 2014-08-26 12:30 - 01364531 _____ () C:\Documents and Settings\bully\Desktop\AdwCleaner.exe
2014-08-26 12:27 - 2014-08-26 12:27 - 00001093 _____ () C:\Documents and Settings\bully\Desktop\JRT.txt
2014-08-26 12:24 - 2014-08-26 12:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\bully\Desktop\JRT.exe
2014-08-26 00:11 - 2014-08-26 00:11 - 00001492 _____ () C:\Documents and Settings\bully\Desktop\Opera.lnk
2014-08-25 12:52 - 2014-08-25 12:52 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Avira
2014-08-25 12:47 - 2014-08-25 12:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Avira
2014-08-25 12:46 - 2014-08-15 10:30 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-08-25 12:46 - 2014-08-15 10:30 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-08-25 12:46 - 2014-08-15 10:30 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-08-25 12:46 - 2014-08-15 10:30 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-08-25 12:45 - 2014-08-25 12:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-25 12:45 - 2014-08-25 12:46 - 00000000 ____D () C:\Program Files\Avira
2014-08-25 11:37 - 2014-08-25 11:38 - 00000000 ___SD () C:\ComboFix
2014-08-25 10:57 - 2014-08-25 11:28 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-25 10:57 - 2014-08-25 11:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-25 10:57 - 2014-08-25 10:57 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-25 10:57 - 2014-08-25 10:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-25 10:57 - 2012-05-07 19:38 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-08-25 10:57 - 2012-05-07 19:38 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-08-24 23:51 - 2014-08-24 23:51 - 00000000 ____D () C:\Qoobox
2014-08-23 20:21 - 2014-08-23 20:21 - 00000208 _____ () C:\Documents and Settings\bully\My Documents\tsb errors.txt
2014-08-22 18:55 - 2014-08-25 23:44 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\.ACEStream
2014-08-22 18:55 - 2014-08-25 21:03 - 00000000 ___HD () C:\_acestream_cache_
2014-08-22 18:55 - 2014-08-22 18:55 - 00002012 _____ () C:\Documents and Settings\bully\Desktop\Ace Player.lnk
2014-08-22 18:54 - 2014-08-22 18:55 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\ACEStream
2014-08-22 17:34 - 2014-08-22 17:34 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Adobe
2014-08-22 12:31 - 2014-08-22 12:31 - 00000000 _RSHD () C:\cmdcons
2014-08-22 12:31 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-22 12:30 - 2014-08-22 12:30 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-22 12:30 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-22 12:30 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-22 12:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-22 12:30 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-22 12:24 - 2014-08-24 23:51 - 05572212 ____R (Swearware) C:\Documents and Settings\bully\Desktop\ComboFix.exe
2014-08-22 12:05 - 2014-08-26 13:38 - 00000000 ____D () C:\FRST
2014-08-21 17:53 - 2014-08-21 17:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-21 17:10 - 2014-08-21 17:10 - 00000000 ____D () C:\SonyTV software
2014-08-21 16:50 - 2014-08-21 16:50 - 00000000 ____D () C:\MBanti-rootkit
2014-08-21 13:51 - 2014-08-21 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-08-19 19:31 - 2014-08-19 19:31 - 00873680 _____ (Opera Software) C:\Documents and Settings\bully\My Documents\Opera_NI_stable.exe
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Opera Software
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Opera Software
2014-08-19 00:21 - 2014-08-19 00:21 - 00001537 _____ () C:\Documents and Settings\bully\Desktop\mkvmerge.lnk
2014-08-18 22:12 - 2014-08-24 23:49 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\uTorrent
2014-08-18 21:59 - 2014-08-18 21:59 - 00004012 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\recently-used.xbel
2014-08-18 13:26 - 2014-08-18 13:26 - 00002415 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ___RD () C:\Program Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-08-18 11:38 - 2014-08-18 12:26 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-17 21:52 - 2014-08-17 21:52 - 00007561 _____ () C:\Documents and Settings\bully\My Documents\My Backup(1).xml
2014-08-17 12:44 - 2014-08-17 12:45 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\vlc
2014-08-16 10:59 - 2014-08-16 11:00 - 00000000 ____D () C:\Documents and Settings\bully\Start Menu\Programs\SopCast
2014-08-16 10:59 - 2014-08-16 10:59 - 00000666 _____ () C:\Documents and Settings\bully\Desktop\SopCast.lnk
2014-08-16 10:57 - 2014-08-16 10:59 - 00000000 ____D () C:\Program Files\SopCast
2014-08-15 18:31 - 2014-08-15 18:31 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 11:20 - 2014-08-25 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-15 11:20 - 2014-08-25 12:45 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-15 11:14 - 2014-08-26 12:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-15 11:10 - 2014-08-21 13:50 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-15 11:10 - 2014-08-15 11:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-15 11:10 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-14 10:48 - 2014-07-31 23:42 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-13 13:25 - 2014-08-13 13:36 - 00001085 _____ () C:\Documents and Settings\bully\My Documents\virgin outages.txt
2014-08-08 10:27 - 2014-08-08 10:27 - 00000068 _____ () C:\Documents and Settings\bully\My Documents\TESCO CODES.txt
2014-08-07 15:01 - 2014-08-07 15:02 - 00000644 _____ () C:\Documents and Settings\bully\Desktop\Recording Control.lnk
2014-08-05 13:45 - 2014-08-05 13:45 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-08-04 20:34 - 2014-08-04 20:34 - 00000047 _____ () C:\Documents and Settings\bully\My Documents\ebay sounds web address.txt
2014-08-04 19:18 - 2014-08-04 19:18 - 00000160 _____ () C:\Documents and Settings\bully\My Documents\atervista settings.txt
2014-08-04 19:01 - 2014-08-04 19:01 - 00000259 _____ () C:\Documents and Settings\bully\My Documents\feeola settings.txt
2014-08-03 19:38 - 2014-08-03 19:44 - 00000218 _____ () C:\Documents and Settings\bully\My Documents\ip settings.txt
2014-08-03 15:47 - 2014-08-03 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-08-02 23:52 - 2014-08-26 12:37 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-02 23:52 - 2014-08-26 12:37 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1606980848-725345543-1004-0.dat
2014-07-30 17:32 - 2014-07-30 17:32 - 00000732 _____ () C:\Documents and Settings\bully\Desktop\SubtitleEdit.lnk
2014-07-30 12:05 - 2014-08-26 11:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-07-29 15:56 - 2014-07-29 15:56 - 00000422 _____ () C:\Documents and Settings\bully\My Documents\lloyscomplaint.txt
2014-07-29 14:27 - 2014-07-29 14:27 - 00000012 _____ () C:\Documents and Settings\bully\My Documents\virgin freephone.txt
2014-07-27 23:31 - 2014-07-29 22:41 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\MPC-HC
2014-07-27 23:31 - 2014-07-27 23:31 - 00000522 _____ () C:\Documents and Settings\bully\Desktop\mpc-hc.lnk
2014-07-27 23:30 - 2014-07-27 23:31 - 00000000 ____D () C:\MPC-HC.1.7.6.x86

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 13:38 - 2014-08-26 13:37 - 00010734 _____ () C:\Documents and Settings\bully\Desktop\FRST.txt
2014-08-26 13:38 - 2014-08-22 12:05 - 00000000 ____D () C:\FRST
2014-08-26 13:38 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Temp
2014-08-26 13:37 - 2014-08-26 13:37 - 01095168 _____ (Farbar) C:\Documents and Settings\bully\Desktop\FRST.exe
2014-08-26 13:35 - 2012-05-07 14:40 - 00000000 ____D () C:\WordExcel Docs
2014-08-26 13:31 - 2012-05-07 15:52 - 00002481 _____ () C:\Documents and Settings\bully\Desktop\Microsoft Excel.lnk
2014-08-26 13:03 - 2014-08-26 13:03 - 02347384 _____ (ESET) C:\Documents and Settings\bully\Desktop\esetsmartinstaller_enu.exe
2014-08-26 12:43 - 2014-08-15 11:14 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 12:40 - 2014-08-26 12:40 - 00001110 _____ () C:\Documents and Settings\bully\Desktop\AdwCleaner[s0].txt
2014-08-26 12:40 - 2012-05-07 19:37 - 01201779 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-26 12:39 - 2014-07-21 13:30 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-08-26 12:39 - 2014-07-21 13:30 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-08-26 12:39 - 2013-08-09 10:43 - 00000444 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-08-26 12:38 - 2012-05-07 19:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-26 12:37 - 2014-08-02 23:52 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-08-26 12:37 - 2014-08-02 23:52 - 00182530 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1614895754-1606980848-725345543-1004-0.dat
2014-08-26 12:37 - 2012-05-07 19:40 - 00032518 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-26 12:37 - 2012-05-07 19:40 - 00000178 ___SH () C:\Documents and Settings\bully\ntuser.ini
2014-08-26 12:37 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\bully
2014-08-26 12:37 - 2012-05-07 13:44 - 00196608 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-08-26 12:36 - 2014-08-26 12:30 - 00000000 ____D () C:\AdwCleaner
2014-08-26 12:30 - 2014-08-26 12:30 - 01364531 _____ () C:\Documents and Settings\bully\Desktop\AdwCleaner.exe
2014-08-26 12:27 - 2014-08-26 12:27 - 00001093 _____ () C:\Documents and Settings\bully\Desktop\JRT.txt
2014-08-26 12:24 - 2014-08-26 12:24 - 01016261 _____ (Thisisu) C:\Documents and Settings\bully\Desktop\JRT.exe
2014-08-26 12:24 - 2012-05-08 15:34 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Audacity
2014-08-26 11:58 - 2012-05-07 21:16 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-26 11:45 - 2012-05-07 19:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-26 11:43 - 2014-07-30 12:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache
2014-08-26 00:25 - 2014-02-25 13:09 - 00000000 ____D () C:\Program Files\PeerBlock
2014-08-26 00:11 - 2014-08-26 00:11 - 00001492 _____ () C:\Documents and Settings\bully\Desktop\Opera.lnk
2014-08-25 23:44 - 2014-08-22 18:55 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\.ACEStream
2014-08-25 22:24 - 2012-05-07 15:52 - 00002483 _____ () C:\Documents and Settings\bully\Desktop\Microsoft Word.lnk
2014-08-25 21:03 - 2014-08-22 18:55 - 00000000 ___HD () C:\_acestream_cache_
2014-08-25 12:52 - 2014-08-25 12:52 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Avira
2014-08-25 12:47 - 2014-08-25 12:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Avira
2014-08-25 12:47 - 2014-08-25 12:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-08-25 12:46 - 2014-08-25 12:45 - 00000000 ____D () C:\Program Files\Avira
2014-08-25 12:46 - 2014-08-15 11:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avira
2014-08-25 12:45 - 2014-08-15 11:20 - 00000858 _____ () C:\Documents and Settings\All Users\Desktop\Avira.lnk
2014-08-25 11:38 - 2014-08-25 11:37 - 00000000 ___SD () C:\ComboFix
2014-08-25 11:33 - 2014-07-21 13:33 - 00035216 _____ () C:\WINDOWS\setupapi.log
2014-08-25 11:28 - 2014-08-25 10:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-25 11:01 - 2014-08-25 10:57 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-25 10:57 - 2014-08-25 10:57 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-25 10:57 - 2014-08-25 10:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-24 23:51 - 2014-08-24 23:51 - 00000000 ____D () C:\Qoobox
2014-08-24 23:51 - 2014-08-22 12:24 - 05572212 ____R (Swearware) C:\Documents and Settings\bully\Desktop\ComboFix.exe
2014-08-24 23:49 - 2014-08-18 22:12 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\uTorrent
2014-08-24 22:56 - 2012-05-08 18:49 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\FileZilla
2014-08-24 12:28 - 2006-02-28 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-23 21:02 - 2014-06-21 18:01 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-08-23 21:02 - 2012-05-07 17:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\TEMP
2014-08-23 20:21 - 2014-08-23 20:21 - 00000208 _____ () C:\Documents and Settings\bully\My Documents\tsb errors.txt
2014-08-23 20:20 - 2014-06-21 17:53 - 00000000 ____D () C:\Bit Torrent
2014-08-22 19:30 - 2012-05-07 19:36 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-08-22 18:55 - 2014-08-22 18:55 - 00002012 _____ () C:\Documents and Settings\bully\Desktop\Ace Player.lnk
2014-08-22 18:55 - 2014-08-22 18:54 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\ACEStream
2014-08-22 17:34 - 2014-08-22 17:34 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Adobe
2014-08-22 12:31 - 2014-08-22 12:31 - 00000000 _RSHD () C:\cmdcons
2014-08-22 12:31 - 2012-05-07 12:26 - 00000355 __RSH () C:\boot.ini
2014-08-22 12:30 - 2014-08-22 12:30 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-22 10:53 - 2012-05-14 14:48 - 00002285 _____ () C:\Documents and Settings\All Users\Desktop\Reflect.lnk
2014-08-22 10:53 - 2012-05-07 12:23 - 00000000 ____D () C:\WINDOWS\repair
2014-08-21 19:42 - 2012-05-08 18:49 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-21 19:42 - 2012-05-08 18:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
2014-08-21 17:53 - 2014-08-21 17:53 - 00699568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-08-21 17:53 - 2014-08-21 17:53 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-21 17:10 - 2014-08-21 17:10 - 00000000 ____D () C:\SonyTV software
2014-08-21 16:50 - 2014-08-21 16:50 - 00000000 ____D () C:\MBanti-rootkit
2014-08-21 13:59 - 2014-08-21 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-08-21 13:50 - 2014-08-15 11:10 - 00054232 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-21 13:43 - 2014-06-21 17:52 - 00000000 ____D () C:\Temporary stuff
2014-08-19 19:43 - 2013-03-24 15:40 - 00000000 ____D () C:\Program Files\Opera
2014-08-19 19:31 - 2014-08-19 19:31 - 00873680 _____ (Opera Software) C:\Documents and Settings\bully\My Documents\Opera_NI_stable.exe
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Opera Software
2014-08-19 19:31 - 2014-08-19 19:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Opera Software
2014-08-19 00:21 - 2014-08-19 00:21 - 00001537 _____ () C:\Documents and Settings\bully\Desktop\mkvmerge.lnk
2014-08-19 00:21 - 2012-11-29 17:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MKVToolNix
2014-08-18 21:59 - 2014-08-18 21:59 - 00004012 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\recently-used.xbel
2014-08-18 21:59 - 2014-07-23 19:05 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\deluge
2014-08-18 21:54 - 2013-01-21 19:48 - 00000874 _____ () C:\Documents and Settings\bully\Desktop\SyncBackFree.lnk
2014-08-18 13:33 - 2012-05-07 16:22 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00002415 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ___RD () C:\Program Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-18 13:26 - 2014-08-18 13:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2014-08-18 13:26 - 2014-03-07 14:06 - 00000000 ____D () C:\Documents and Settings\bully\Local Settings\Application Data\Skype
2014-08-18 13:26 - 2012-05-07 16:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
2014-08-18 13:20 - 2014-04-14 13:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SkypeMate
2014-08-18 12:26 - 2014-08-18 11:38 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-18 12:26 - 2012-05-31 11:29 - 00000000 ____D () C:\Program Files\Trend Micro
2014-08-17 21:52 - 2014-08-17 21:52 - 00007561 _____ () C:\Documents and Settings\bully\My Documents\My Backup(1).xml
2014-08-17 12:45 - 2014-08-17 12:44 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\vlc
2014-08-16 21:03 - 2012-05-07 17:50 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-08-16 13:50 - 2006-02-28 13:00 - 00000371 _____ () C:\WINDOWS\win.ini
2014-08-16 11:00 - 2014-08-16 10:59 - 00000000 ____D () C:\Documents and Settings\bully\Start Menu\Programs\SopCast
2014-08-16 10:59 - 2014-08-16 10:59 - 00000666 _____ () C:\Documents and Settings\bully\Desktop\SopCast.lnk
2014-08-16 10:59 - 2014-08-16 10:57 - 00000000 ____D () C:\Program Files\SopCast
2014-08-15 18:31 - 2014-08-15 18:31 - 00000000 ____D () C:\Program Files\ESET
2014-08-15 11:10 - 2014-08-15 11:10 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-15 11:10 - 2014-08-15 11:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-15 10:38 - 2014-04-04 14:41 - 00000239 _____ () C:\Boot.bak
2014-08-15 10:38 - 2006-02-28 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-08-15 10:30 - 2014-08-25 12:46 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-08-15 10:30 - 2014-08-25 12:46 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-08-15 10:30 - 2014-08-25 12:46 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-08-15 10:30 - 2014-08-25 12:46 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-08-14 23:14 - 2014-07-25 17:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-14 15:58 - 2012-05-07 19:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-08-14 10:51 - 2013-10-10 21:11 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-14 10:45 - 2012-05-07 19:38 - 00001507 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-08-13 13:36 - 2014-08-13 13:25 - 00001085 _____ () C:\Documents and Settings\bully\My Documents\virgin outages.txt
2014-08-11 23:52 - 2012-09-15 13:43 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\Yamb
2014-08-10 20:08 - 2012-05-08 19:44 - 00000409 _____ () C:\WINDOWS\LEXSTAT.INI
2014-08-10 12:29 - 2014-04-13 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2014-08-09 11:37 - 2012-06-18 13:31 - 00000000 ____D () C:\Web Pages
2014-08-08 10:27 - 2014-08-08 10:27 - 00000068 _____ () C:\Documents and Settings\bully\My Documents\TESCO CODES.txt
2014-08-07 15:02 - 2014-08-07 15:01 - 00000644 _____ () C:\Documents and Settings\bully\Desktop\Recording Control.lnk
2014-08-06 11:46 - 2014-06-21 17:59 - 00000000 ____D () C:\Documents and Settings\bully\My Documents\BILLS
2014-08-05 13:45 - 2014-08-05 13:45 - 00007680 ___SH () C:\WINDOWS\Thumbs.db
2014-08-05 13:45 - 2012-05-12 23:54 - 00031232 _____ () C:\Documents and Settings\bully\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-04 20:34 - 2014-08-04 20:34 - 00000047 _____ () C:\Documents and Settings\bully\My Documents\ebay sounds web address.txt
2014-08-04 19:18 - 2014-08-04 19:18 - 00000160 _____ () C:\Documents and Settings\bully\My Documents\atervista settings.txt
2014-08-04 19:01 - 2014-08-04 19:01 - 00000259 _____ () C:\Documents and Settings\bully\My Documents\feeola settings.txt
2014-08-03 19:44 - 2014-08-03 19:38 - 00000218 _____ () C:\Documents and Settings\bully\My Documents\ip settings.txt
2014-08-03 15:47 - 2014-08-03 15:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Macrium
2014-08-03 13:58 - 2012-05-13 01:12 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\avidemux
2014-07-31 23:42 - 2014-08-14 10:48 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-30 17:32 - 2014-07-30 17:32 - 00000732 _____ () C:\Documents and Settings\bully\Desktop\SubtitleEdit.lnk
2014-07-29 22:41 - 2014-07-27 23:31 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\MPC-HC
2014-07-29 15:56 - 2014-07-29 15:56 - 00000422 _____ () C:\Documents and Settings\bully\My Documents\lloyscomplaint.txt
2014-07-29 14:27 - 2014-07-29 14:27 - 00000012 _____ () C:\Documents and Settings\bully\My Documents\virgin freephone.txt
2014-07-28 13:17 - 2014-06-21 17:59 - 00000000 ____D () C:\Documents and Settings\bully\My Documents\Receipts
2014-07-27 23:31 - 2014-07-27 23:31 - 00000522 _____ () C:\Documents and Settings\bully\Desktop\mpc-hc.lnk
2014-07-27 23:31 - 2014-07-27 23:30 - 00000000 ____D () C:\MPC-HC.1.7.6.x86
2014-07-27 20:12 - 2013-01-03 00:51 - 00000000 ____D () C:\Documents and Settings\bully\Application Data\VideoReDo-TVSuite4
2014-07-27 19:02 - 2012-06-21 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DVD Shrink

Some content of TEMP:
====================
C:\Documents and Settings\bully\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\bully\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\bully\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Addition.txt

Link to post
Share on other sites
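A triage pass over the Services and Drivers sections of an FRST log like the one posted above, as an added example (not part of the original posts and not Farbar's code). It assumes the line layout visible in that log and reads `[X]` as a file FRST could not find; the flag names and the extension heuristic are this example's own.

```python
import ntpath
import re

# Constructed sample: lines taken from the Services/Drivers sections of the log above.
SAMPLE = r"""
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 OS Selector; C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-05-25] ()
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [12416 2006-06-16] (         )
S4 IntelIde; No ImagePath
"""

# "<state letter><start digit> <name>; <everything else>"
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); (?P<rest>.*)$")
# "[<size> <yyyy-mm-dd>] (<company>)"
META = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)")

# Assumption of this example: service and driver images normally end in these.
EXPECTED_EXTENSIONS = (".exe", ".sys")


def parse_entry(line):
    """Parse one Services/Drivers line; return a dict, or None if it is not an entry."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    meta = META.search(rest)
    flags = []

    if rest == "No ImagePath":
        path = None
        flags.append("no-imagepath")      # registry entry points at nothing
    elif rest.endswith("[X]"):
        path = rest[:-3]
        flags.append("missing-file")      # assumed meaning: file not found on disk
    elif meta:
        path = rest[:meta.start()]
    else:
        path = rest
    if path is not None:
        path = path.strip().strip('"')

    if "[File not signed]" in rest:
        flags.append("unsigned")
    if meta and not meta.group("company").strip():
        flags.append("no-company")        # empty or blank version-info company
    if path and ntpath.splitext(path)[1].lower() not in EXPECTED_EXTENSIONS:
        flags.append("odd-extension")

    return {
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name"),
        "path": path,
        "size": int(meta.group("size")) if meta else None,
        "date": meta.group("date") if meta else None,
        "company": meta.group("company").strip() if meta else None,
        "flags": flags,
    }


def triage(log_text):
    """Return (name, flags) for every entry that raised at least one flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["flags"]:
            findings.append((entry["name"], entry["flags"]))
    return findings


if __name__ == "__main__":
    for name, flags in triage(SAMPLE):
        print(f"{name}: {', '.join(flags)}")
```

A flag marks an entry for a closer look, not a verdict: leftovers from removal tools and uninstalled programs raise the same flags as anything unwanted.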

  • Root Admin

You're continuing to have services crash and not run properly. For now, until we get this resolved, please do the following steps exactly as provided. If you have questions or issues, let me know.

Download ALL files below first before uninstalling any antivirus or other security software. Then DO NOT go online to read email or browse the Web until you have security software running again.
If needed print out these directions or save them to your computer. Again, do not access email or browse the Web without antivirus running.

STEP 1
First, download a new installer for Avira and save it to your computer; don't run it yet.
Avira Free antivirus download at Filehippo

STEP 2
Next, download a new installer for MBAM and save it to your computer; don't run it yet.
Download MBAM installer

STEP 3
Next, download the manual registry cleaner for Avira to remove any leftover elements of Avira, but don't run it yet.
avira_registry_cleaner_en.zip

STEP 4
Download TFC from here and save it to your desktop but don't run it yet.
TFC.exe download

STEP 5
Now that you have the installers and removal tool please go into your Control Panel, Add/Remove and uninstall Avira and reboot the computer.

STEP 6
Extract the Avira Registry cleaner from the zip file and run it.

STEP 7
Now temporarily uninstall MBAM as well and reboot the computer.

STEP 8
Click on START or Command Prompt and open a DOS command prompt and type the following.

CHKDSK C: /R

It will say the drive is locked and cannot run and ask if you want to run it on a restart. Press the Y key and Enter key and then restart the computer.
A full disk check should start on reboot. Do not stop it; let it run. It may take anywhere from a few minutes to many hours to run.
You can then copy/paste the results from the Event Logs back here to show what the disk check found or did (after you get your antivirus and MBAM running again as shown below.)
How to view and manage event logs in Event Viewer in Windows XP

STEP 9
Now find the TFC.EXE program you downloaded before and run it and reboot the computer.

STEP 10
Now go ahead and install your Avira antivirus, check for updates and do a Full System Scan and on your next reply let me know if it found anything or not.

STEP 11
Now go ahead and install MBAM, check for updates, activate it if needed and do a threat scan as shown below. Post back the log on your next reply.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 12
Let me get a new set of FRST logs now. Make sure you place a check mark in the Addition.txt check box for that log too.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

Post back all logs on your next reply and we'll go from there.


 

 

 

Link to post
Share on other sites

STEP 8

 

I wasn't sure what type of event files you wanted so I saved any with entries. I could not see how to isolate the events showing what chkdsk did and I saved them as .evt files - a mistake I think. I went back at the end of the steps and saved them as txt files and deleted anything before today and pasted the System and ACEevent log logs below. I have the Application Security and Windows Power Shell logs if you want them.

chkdsk took a matter of a few seconds to run.

 

SYSTEM EVENT VIEWER

 

27/08/2014    12:02:31    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The MBAMSwissArmy service was successfully sent a start control.
27/08/2014    12:01:49    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The MBAMSwissArmy service was successfully sent a start control.
27/08/2014    12:01:20    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The MBAMSwissArmy service was successfully sent a start control.
27/08/2014    11:51:25    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service entered the stopped state.
27/08/2014    11:48:25    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Volume Shadow Copy service entered the stopped state.
27/08/2014    11:31:52    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the stopped state.
27/08/2014    11:31:52    Removable Storage Service    Information    None    98    N/A    WWFC-B7DFF83E8A    RSM was stopped.
27/08/2014    11:31:22    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the running state.
27/08/2014    11:31:21    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Removable Storage service was successfully sent a start control.
27/08/2014    11:21:30    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the stopped state.
27/08/2014    11:21:30    Removable Storage Service    Information    None    98    N/A    WWFC-B7DFF83E8A    RSM was stopped.
27/08/2014    11:20:57    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the running state.
27/08/2014    11:20:57    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Removable Storage service was successfully sent a start control.
27/08/2014    11:20:56    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the stopped state.
27/08/2014    11:20:56    Removable Storage Service    Information    None    98    N/A    WWFC-B7DFF83E8A    RSM was stopped.
27/08/2014    11:20:08    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Removable Storage service entered the running state.
27/08/2014    11:20:08    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Removable Storage service was successfully sent a start control.
27/08/2014    11:20:07    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Distributed Transaction Coordinator service entered the running state.
27/08/2014    11:20:07    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Distributed Transaction Coordinator service was successfully sent a start control.
27/08/2014    11:20:06    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The COM+ System Application service entered the running state.
27/08/2014    11:20:06    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The COM+ System Application service was successfully sent a start control.
27/08/2014    11:20:06    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service entered the running state.
27/08/2014    11:20:06    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service was successfully sent a start control.
27/08/2014    11:20:06    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Volume Shadow Copy service entered the running state.
27/08/2014    11:20:06    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Volume Shadow Copy service was successfully sent a start control.
27/08/2014    11:13:25    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Skype Updater service entered the stopped state.
27/08/2014    11:12:58    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Avira Scheduler service entered the running state.
27/08/2014    11:12:58    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Avira Scheduler service was successfully sent a start control.
27/08/2014    11:12:58    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Avira Real-Time Protection service entered the running state.
27/08/2014    11:12:57    avgntflt    Information    None    17    N/A    WWFC-B7DFF83E8A    avgntflt.sys successfully loaded
27/08/2014    11:12:47    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Avira Real-Time Protection service was successfully sent a start control.
27/08/2014    11:12:47    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The avipbb service was successfully sent a start control.
27/08/2014    11:12:46    avipbb    Information    None    17    N/A    WWFC-B7DFF83E8A    avipbb.sys successfully loaded
27/08/2014    11:12:46    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The avkmgr service was successfully sent a start control.
27/08/2014    11:12:46    avkmgr    Information    None    17    N/A    WWFC-B7DFF83E8A    avkmgr.sys successfully loaded
27/08/2014    11:11:35    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the stopped state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service was successfully sent a start control.
27/08/2014    11:11:29    DCOM    Error    None    10005    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    "DCOM got error ""The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. "" attempting to start the service upnphost with arguments """" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}"
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Connection Manager service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Application Layer Gateway Service service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Application Layer Gateway Service service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Remote Access Connection Manager service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service was successfully sent a start control.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service entered the running state.
27/08/2014    11:11:29    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fax service entered the stopped state.
27/08/2014    11:11:28    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fax service was successfully sent a stop control.
27/08/2014    11:11:28    Service Control Manager    Error    None    7000    N/A    WWFC-B7DFF83E8A    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    11:11:16    EventLog    Information    None    6005    N/A    WWFC-B7DFF83E8A    The Event log service was started.
27/08/2014    11:11:16    EventLog    Information    None    6009    N/A    WWFC-B7DFF83E8A    Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.
27/08/2014    11:10:22    EventLog    Information    None    6006    N/A    WWFC-B7DFF83E8A    The Event log service was stopped.
27/08/2014    11:09:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the stopped state.
27/08/2014    11:09:12    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the running state.
27/08/2014    11:09:12    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service was successfully sent a start control.
27/08/2014    11:08:55    Service Control Manager    Error    None    7034    N/A    WWFC-B7DFF83E8A    The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
27/08/2014    11:08:54    Service Control Manager    Error    None    7034    N/A    WWFC-B7DFF83E8A    The Acronis OS Selector activator service terminated unexpectedly.  It has done this 1 time(s).
27/08/2014    11:08:54    Service Control Manager    Error    None    7034    N/A    WWFC-B7DFF83E8A    The Macrium Reflect Image Mounting Service service terminated unexpectedly.  It has done this 1 time(s).
27/08/2014    11:08:54    Service Control Manager    Error    None    7034    N/A    WWFC-B7DFF83E8A    The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
27/08/2014    11:03:58    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Skype Updater service entered the stopped state.
27/08/2014    11:02:08    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the stopped state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service was successfully sent a start control.
27/08/2014    11:02:02    DCOM    Error    None    10005    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    "DCOM got error ""The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. "" attempting to start the service upnphost with arguments """" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}"
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Application Layer Gateway Service service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Application Layer Gateway Service service was successfully sent a start control.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Connection Manager service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service was successfully sent a start control.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service was successfully sent a start control.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service was successfully sent a start control.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Remote Access Connection Manager service was successfully sent a start control.
27/08/2014    11:02:02    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service entered the running state.
27/08/2014    11:02:02    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service was successfully sent a start control.
27/08/2014    11:02:01    Service Control Manager    Error    None    7000    N/A    WWFC-B7DFF83E8A    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    11:01:48    EventLog    Information    None    6005    N/A    WWFC-B7DFF83E8A    The Event log service was started.
27/08/2014    11:01:48    EventLog    Information    None    6009    N/A    WWFC-B7DFF83E8A    Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.
27/08/2014    11:00:49    EventLog    Information    None    6006    N/A    WWFC-B7DFF83E8A    The Event log service was stopped.
27/08/2014    11:00:43    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Ati HotKey Poller service entered the stopped state.
27/08/2014    10:59:24    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the stopped state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service was successfully sent a start control.
27/08/2014    10:59:18    DCOM    Error    None    10005    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    "DCOM got error ""The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. "" attempting to start the service upnphost with arguments """" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}"
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Application Layer Gateway Service service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Connection Manager service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Application Layer Gateway Service service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Remote Access Connection Manager service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service was successfully sent a start control.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service entered the running state.
27/08/2014    10:59:18    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fax service entered the stopped state.
27/08/2014    10:59:17    Service Control Manager    Error    None    7000    N/A    WWFC-B7DFF83E8A    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    10:59:05    EventLog    Information    None    6005    N/A    WWFC-B7DFF83E8A    The Event log service was started.
27/08/2014    10:59:05    EventLog    Information    None    6009    N/A    WWFC-B7DFF83E8A    Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.
27/08/2014    10:58:06    EventLog    Information    None    6006    N/A    WWFC-B7DFF83E8A    The Event log service was stopped.
27/08/2014    10:58:00    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Ati HotKey Poller service entered the stopped state.
27/08/2014    10:58:00    USER32    Information    None    1074    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The process winlogon.exe has initiated the restart of WWFC-B7DFF83E8A for the following reason: No title for this reason could be found
 Minor Reason: 0xff
 Shutdown Type: reboot
 Comment:
27/08/2014    10:57:15    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Skype Updater service entered the stopped state.
27/08/2014    10:55:25    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the stopped state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Remote Access Auto Connection Manager service was successfully sent a start control.
27/08/2014    10:55:19    DCOM    Error    None    10005    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    "DCOM got error ""The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. "" attempting to start the service upnphost with arguments """" in order to run the server:
{204810B9-73B2-11D4-BF42-00B0D0118B56}"
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Remote Access Connection Manager service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Application Layer Gateway Service service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Application Layer Gateway Service service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Network Location Awareness (NLA) service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The IMAPI CD-Burning COM Service service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Windows Presentation Foundation Font Cache 4.0.0.0 service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    WWFC-B7DFF83E8A\bully    WWFC-B7DFF83E8A    The Remote Access Connection Manager service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service entered the running state.
27/08/2014    10:55:19    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fast User Switching Compatibility service was successfully sent a start control.
27/08/2014    10:55:19    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Fax service entered the stopped state.
27/08/2014    10:55:18    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Fax service was successfully sent a stop control.
27/08/2014    10:55:18    Service Control Manager    Error    None    7000    N/A    WWFC-B7DFF83E8A    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    10:55:06    EventLog    Information    None    6005    N/A    WWFC-B7DFF83E8A    The Event log service was started.
27/08/2014    10:55:06    EventLog    Information    None    6009    N/A    WWFC-B7DFF83E8A    Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.
27/08/2014    10:54:10    EventLog    Information    None    6006    N/A    WWFC-B7DFF83E8A    The Event log service was stopped.
27/08/2014    10:54:04    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Ati HotKey Poller service entered the stopped state.
27/08/2014    10:53:32    avipbb    Information    None    17    N/A    WWFC-B7DFF83E8A    avipbb.sys unloaded
27/08/2014    10:53:31    avgntflt    Information    None    17    N/A    WWFC-B7DFF83E8A    AVGNTFLT unloaded
27/08/2014    10:53:30    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Avira Real-Time Protection service entered the stopped state.
27/08/2014    10:53:28    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Avira Scheduler service entered the stopped state.
27/08/2014    10:26:59    Tcpip    Warning    None    4226    N/A    WWFC-B7DFF83E8A    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
27/08/2014    07:14:12    W32Time    Warning    None    36    N/A    WWFC-B7DFF83E8A    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
27/08/2014    00:47:34    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service entered the stopped state.
27/08/2014    00:44:35    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Volume Shadow Copy service entered the stopped state.
27/08/2014    00:25:12    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Distributed Transaction Coordinator service entered the running state.
27/08/2014    00:25:12    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Distributed Transaction Coordinator service was successfully sent a start control.
27/08/2014    00:25:11    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The COM+ System Application service entered the running state.
27/08/2014    00:25:11    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The COM+ System Application service was successfully sent a start control.
27/08/2014    00:25:11    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service entered the running state.
27/08/2014    00:25:11    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The MS Software Shadow Copy Provider service was successfully sent a start control.
27/08/2014    00:25:11    Service Control Manager    Information    None    7036    N/A    WWFC-B7DFF83E8A    The Volume Shadow Copy service entered the running state.
27/08/2014    00:25:11    Service Control Manager    Information    None    7035    NT AUTHORITY\SYSTEM    WWFC-B7DFF83E8A    The Volume Shadow Copy service was successfully sent a start control.

 

 

Link to post
Share on other sites
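
Step 8 asks for the CHKDSK result from the Event Logs, and the reply above could not isolate it. The following Python script is an added example, not part of the thread or of any tool named in it. It parses an Event Viewer text export in the column layout posted above, folds multi-line descriptions back into their event, and pulls out the CHKDSK report, the Error/Warning events and the boot count. It assumes the Windows XP convention that the boot-time CHKDSK report is the Application-log event with source Winlogon and ID 1001; the sample lines and the host name XP-HOST are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample, modelled on the export layout in the post above
# (newest first, columns separated by tabs or runs of spaces). The Winlogon
# row stands in for an Application-log entry; XP-HOST is a made-up host name.
SAMPLE = r"""27/08/2014    11:11:29    DCOM    Error    None    10005    NT AUTHORITY\SYSTEM    XP-HOST    "DCOM got error ""The service cannot be started"" attempting to start the service upnphost in order to run the server:
{00000000-0000-0000-0000-000000000000}"
27/08/2014    11:11:28    Service Control Manager    Error    None    7000    N/A    XP-HOST    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    11:11:20    Winlogon    Information    None    1001    N/A    XP-HOST    Checking file system on C:
The type of the file system is NTFS.
Windows has finished checking your disk.
27/08/2014    11:11:16    EventLog    Information    None    6005    N/A    XP-HOST    The Event log service was started.
27/08/2014    11:10:22    EventLog    Information    None    6006    N/A    XP-HOST    The Event log service was stopped.
27/08/2014    11:08:55    Service Control Manager    Error    None    7034    N/A    XP-HOST    The LexBce Server service terminated unexpectedly.  It has done this 1 time(s).
27/08/2014    11:02:01    Service Control Manager    Error    None    7000    N/A    XP-HOST    The LiveUpdate service failed to start due to the following error:
The system cannot find the file specified.
27/08/2014    11:01:48    EventLog    Information    None    6005    N/A    XP-HOST    The Event log service was started.
"""

# A new event row starts with "dd/mm/yyyy hh:mm:ss"; anything else is a
# continuation of the previous event's description.
ROW_START = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}\s")
FIELD_SEP = re.compile(r"[ \t]{2,}|\t")


@dataclass
class Event:
    when: datetime
    source: str
    level: str
    event_id: int
    user: str
    host: str
    description: str


def parse_events(text):
    """Parse an exported event list into Event records."""
    events = []
    for line in text.splitlines():
        if ROW_START.match(line):
            # maxsplit=8 keeps double spaces inside the description intact.
            parts = FIELD_SEP.split(line.strip(), maxsplit=8)
            if len(parts) < 8 or not parts[5].isdigit():
                continue  # malformed row: skip rather than guess
            parts += [""] * (9 - len(parts))
            date, time, source, level, _cat, eid, user, host, desc = parts
            when = datetime.strptime(f"{date} {time}", "%d/%m/%Y %H:%M:%S")
            events.append(Event(when, source, level, int(eid), user, host, desc))
        elif events and line.strip():
            events[-1].description += "\n" + line.strip()
    for ev in events:
        d = ev.description
        # Multi-line descriptions are exported quoted, with "" for a literal ".
        if len(d) >= 2 and d.startswith('"') and d.endswith('"'):
            ev.description = d[1:-1].replace('""', '"')
    return events


def triage(events):
    """Summarise what a helper reading the log would look for first."""
    problems = Counter()
    for ev in events:
        if ev.level in ("Error", "Warning"):
            first_line = (ev.description.splitlines() or [""])[0]
            problems[(ev.source, ev.event_id, first_line)] += 1
    # Event ID 6005 from source EventLog marks each system start.
    boots = sum(1 for ev in events
                if ev.source == "EventLog" and ev.event_id == 6005)
    # Assumption: boot-time CHKDSK report = Winlogon / 1001 (Windows XP).
    chkdsk = [ev for ev in events
              if ev.source == "Winlogon" and ev.event_id == 1001]
    return {"problems": problems, "boots": boots, "chkdsk": chkdsk}


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE))
    print(f"boots seen: {result['boots']}")
    for (source, eid, text), count in result["problems"].most_common():
        print(f"{count}x {source} {eid}: {text}")
    for ev in result["chkdsk"]:
        print(f"--- CHKDSK report {ev.when} ---\n{ev.description}")
```

To use it on a real machine, export the Application log as text as well as the System log, since the System log alone will not contain the Winlogon entry.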
